hash icon indicating copy to clipboard operation
hash copied to clipboard
verified publisher icon hashintel

SRE-46: Upgrade Docker Postgres to 18.1-alpine3.23

Open TimDiekmann opened this issue 1 month ago β€’ 3 comments

Upgrades the Docker Postgres base image to 18.1-alpine3.23

🌟 What is the purpose of this PR?

Upgrades the Postgres Docker base image from version 17-alpine3.22 to 18.1-alpine3.23. This change only affects local Docker development, not production AWS.

πŸ” What does this change?

  • Updates the Postgres Docker base image in apps/hash-external-services/postgres/Dockerfile from 17-alpine3.22 to 18.1-alpine3.23

Pre-Merge Checklist πŸš€

🚒 Has this modified a publishable library?

This PR:

  • [x] does not modify any publishable blocks or libraries, or modifications do not need publishing

πŸ“œ Does this require a change to the docs?

The changes in this PR:

  • [x] are internal and do not require a docs change

πŸ•ΈοΈ Does this require a change to the Turbo Graph?

The changes in this PR:

  • [x] do not affect the execution graph

πŸ›‘ What tests cover this?

  • Existing tests should cover this change

❓ How to test this?

  1. Checkout the branch
  2. Start the development environment with Docker
  3. Confirm that Postgres starts correctly with the new version

TimDiekmann avatar Dec 10 '25 17:12 TimDiekmann

CLA assistant check
All committers have signed the CLA.

CLAassistant avatar Dec 10 '25 17:12 CLAassistant

PR Summary

Upgrade Postgres to 18 across Docker and RDS, and switch the bastion host to ARM (t4g, arm64 AMI).

  • Postgres:
    • Docker: base image updated to postgres:18.1-alpine3.23 in apps/hash-external-services/postgres/Dockerfile.
    • AWS RDS Terraform: parameter group family -> postgres18 and engine_version -> 18 in infra/terraform/hash/postgres/postgres.tf.
  • Bastion (Terraform module):
    • Instance type changed to t4g.nano in infra/terraform/modules/bastion/bastion.tf.
    • AMI lookup updated to arm64 Amazon Linux 2023 (al2023-ami-2023.*-kernel-6.1-arm64) with architecture=arm64, virtualization-type=hvm in infra/terraform/modules/bastion/main.tf.

Written by Cursor Bugbot for commit 49f74a042536e99e3ccaf39de4e9215e6b08d6e8. This will update automatically on new commits. Configure here.

cursor[bot] avatar Dec 12 '25 18:12 cursor[bot]

Semgrep found 1 ec2-imdsv1-optional finding:

AWS EC2 Instance allowing use of the IMDSv1

semgrep-code-hashintel[bot] avatar Dec 12 '25 21:12 semgrep-code-hashintel[bot]